Nico Kadel-Garcia
b2491c289d
Switch %define to %global for redhat/openssh.spec
2020-02-22 11:48:05 +11:00
mkontani
b18dcf6cca
fix some typos and sentence
2020-02-21 12:29:05 +11:00
dtucker@openbsd.org
0001576a09
upstream: Fix some typos and an incorrect word in docs. Patch from
...
itoama at live.jp via github PR#172.
OpenBSD-Commit-ID: 166ee8f93a7201fef431b9001725ab8b269d5874
2020-02-21 12:27:23 +11:00
dtucker@openbsd.org
99ff8fefe4
upstream: Update moduli generation script to new ssh-keygen
...
generation and screening command line flags.
OpenBSD-Commit-ID: 5010ff08f7ad92082e87dde098b20f5c24921a8f
2020-02-21 11:11:08 +11:00
dtucker@openbsd.org
700d16f5e5
upstream: Import regenerated moduli.
...
OpenBSD-Commit-ID: 7b7b619c1452a459310b0cf4391c5757c6bdbc0f
2020-02-21 11:10:25 +11:00
Darren Tucker
4753b74ba0
Import regenerated moduli.
2020-02-20 16:42:50 +11:00
HARUYAMA Seigo
11d4271627
Fix typos in INSTALL: s/avilable/available/ s/suppports/supports/
2020-02-18 20:24:44 +11:00
dtucker@openbsd.org
264a966216
upstream: Ensure that the key lifetime provided fits within the
...
values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@
OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2
2020-02-18 20:23:25 +11:00
dtucker@openbsd.org
de1f3564cd
upstream: Detect and prevent simple configuration loops when using
...
ProxyJump. bz#3057, ok djm@
OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
2020-02-18 20:23:25 +11:00
naddy@openbsd.org
30144865bf
upstream: document -F none; with jmc@
...
OpenBSD-Commit-ID: 0eb93b75473d2267aae9200e02588e57778c84f2
2020-02-18 20:23:25 +11:00
Darren Tucker
011052de73
Remove unused variable warning.
2020-02-17 22:55:51 +11:00
Darren Tucker
31c9348c5e
Constify aix_krb5_get_principal_name.
...
Prevents warning about discarding type qualifiers on AIX.
2020-02-17 22:53:24 +11:00
Darren Tucker
290c994336
Check if TILDE is already defined and undef.
...
Prevents redefinition warning on AIX.
2020-02-17 22:51:36 +11:00
Darren Tucker
41a2e64ae4
Prevent unused variable warning.
2020-02-17 22:51:00 +11:00
Darren Tucker
d4860ec4ef
Check if getpeereid is actually declared.
...
Check in sys/socket.h (AIX) and unistd.h (FreeBSD, DragonFLy and OS X).
Prevents undeclared function warning on at least some versions of AIX.
2020-02-17 22:48:50 +11:00
djm@openbsd.org
8aa3455b16
upstream: openssh-8.2
...
OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b
2020-02-14 11:40:54 +11:00
Damien Miller
72f0ce33f0
crank version numbers
2020-02-12 09:28:35 +11:00
Darren Tucker
b763ed05bd
Minor documentation update:
...
- remove duplication of dependency information (it's all in INSTALL).
- SSHFP is now an RFC.
2020-02-11 12:51:24 +11:00
Darren Tucker
14ccfdb724
Check if UINT32_MAX is defined before redefining.
2020-02-09 11:23:35 +11:00
Damien Miller
be075110c7
typo; reported by Phil Pennock
2020-02-07 15:13:26 +11:00
djm@openbsd.org
963d71851e
upstream: sync the description of the $SSH_SK_PROVIDER environment
...
variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive,
as the latter was more descriptive.
OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f
2020-02-07 15:03:20 +11:00
dtucker@openbsd.org
d4d9e1d405
upstream: Add ssh -Q key-sig for all key and signature types.
...
Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as
an alias for the corresponding query. Man page help jmc@, ok djm@.
OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
2020-02-07 15:03:20 +11:00
djm@openbsd.org
fd68dc2786
upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more
...
than the intended number of prompts (3) and 2) it would SEGV too many
incorrect PINs were entered; based on patch by Gabriel Kihlman
OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718
2020-02-07 14:31:02 +11:00
djm@openbsd.org
96bd895a0a
upstream: When using HostkeyAlgorithms to merely append or remove
...
algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing keys in
known_hosts; ok markus
OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
2020-02-07 09:53:00 +11:00
djm@openbsd.org
c728848673
upstream: expand HostkeyAlgorithms prior to config dump, matching
...
other algorithm lists; ok markus@
OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0
2020-02-07 09:53:00 +11:00
naddy@openbsd.org
a6ac5d36ef
upstream: Add Include to the list of permitted keywords after a
...
Match keyword. ok markus@
OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb
2020-02-07 09:53:00 +11:00
naddy@openbsd.org
a47f6a6c0e
upstream: Replace "security key" with "authenticator" in program
...
messages.
This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".
ok djm@
OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
2020-02-07 09:52:59 +11:00
Darren Tucker
849a9b8714
Don't look for UINT32_MAX in inttypes.h
...
... unless we are actually going to use it. Fixes build on HP-UX
without the potential impact to other platforms of a header change
shortly before release.
2020-02-06 12:21:49 +11:00
Damien Miller
a2437f8ed0
depend
2020-02-06 12:02:22 +11:00
Michael Forney
9716e8c495
Fix sha2 MAKE_CLONE no-op definition
...
The point of the dummy declaration is so that MAKE_CLONE(...) can have
a trailing semicolon without introducing an empty declaration. So,
the macro replacement text should *not* have a trailing semicolon,
just like DEF_WEAK.
2020-02-06 11:53:38 +11:00
djm@openbsd.org
d596b1d30d
upstream: require FIDO application strings to start with "ssh:"; ok
...
markus@
OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
2020-02-04 21:08:10 +11:00
djm@openbsd.org
501f358243
upstream: revert enabling UpdateHostKeys by default - there are still
...
corner cases we need to address; ok markus
OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57
2020-02-04 10:52:17 +11:00
jmc@openbsd.org
072f3b832d
upstream: use better markup for challenge and write-attestation, and
...
rejig the challenge text a little;
ok djm
OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f
2020-02-04 10:00:18 +11:00
Damien Miller
262eb05a22
mention libfido2 in dependencies section
2020-02-03 21:22:15 +11:00
Damien Miller
ccd3b247d5
add clock_gettime64(2) to sandbox allowed syscalls
...
bz3093
2020-02-03 19:40:12 +11:00
dtucker@openbsd.org
adffbe1c64
upstream: Output (none) in debug in the case in the CheckHostIP=no case
...
as suggested by markus@
OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
2020-02-02 21:18:07 +11:00
dtucker@openbsd.org
58c819096a
upstream: Prevent possible null pointer deref of ip_str in debug.
...
OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
2020-02-02 20:31:48 +11:00
jmc@openbsd.org
0facae7bc8
upstream: shuffle the challenge keyword to keep the -O list sorted;
...
OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe
2020-02-02 20:25:09 +11:00
jmc@openbsd.org
6fb3dd0ccd
upstream: tweak previous;
...
OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3
2020-02-02 20:25:09 +11:00
Darren Tucker
92725d4d3f
Use sys-queue.h from compat library.
...
Fixes build on platforms that don't have sys/queue.h (eg MUSL).
2020-02-01 17:25:09 +11:00
djm@openbsd.org
677d0ece67
upstream: regress test for sshd_config Include directive; from Jakub
...
Jelen
OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
2020-02-01 10:28:33 +11:00
djm@openbsd.org
d4f4cdd681
upstream: whitespace
...
OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772
2020-02-01 10:22:33 +11:00
djm@openbsd.org
245399dfb3
upstream: force early logging to stderr if debug_flag (-d) is set;
...
avoids missing messages from re-exec config passing
OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff
2020-02-01 10:22:32 +11:00
djm@openbsd.org
7365f28a66
upstream: mistake in previous: filling the incorrect buffer
...
OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a
2020-02-01 10:22:10 +11:00
djm@openbsd.org
c2bd7f74b0
upstream: Add a sshd_config "Include" directive to allow inclusion
...
of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@
OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
2020-02-01 10:20:24 +11:00
jmc@openbsd.org
ba261a1dd3
upstream: spelling fix;
...
OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402
2020-02-01 10:15:27 +11:00
djm@openbsd.org
771891a044
upstream: document changed default for UpdateHostKeys
...
OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c
2020-01-31 09:27:10 +11:00
djm@openbsd.org
d53a518536
upstream: enable UpdateKnownHosts=yes if the configuration
...
specifies only the default known_hosts files, otherwise select
UpdateKnownHosts=ask; ok markus@
OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
2020-01-31 09:27:10 +11:00
Darren Tucker
bb63ff844e
Look in inttypes.h for UINT32_MAX.
...
Should prevent warnings on at least some AIX versions.
2020-01-30 18:54:42 +11:00
djm@openbsd.org
afeb6a960d
upstream: use sshpkt_fatal() instead of plain fatal() for
...
ssh_packet_write_poll() failures here too as the former yields better error
messages; ok dtucker@
OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3
2020-01-30 18:22:34 +11:00